Skip to content

CVE-2019-18218 number is incorrect in main/file/APKBUILD

When CVE-2019-18218 was fixed in #10911 (closed) the CVE number added in main/file/APKBUILD is wrong by a digit (9 instead of 8):

 # secfixes:
+#   5.36-r1:
+#     - CVE-2019-19218
 #   5.36-r0:
 #   - CVE-2019-8904
 #   - CVE-2019-8905

CVE-2019-19218 does not exist.

This is bad because those are used to create automated vulnerability databases like alpine-secdb and vuln-list which alert users to a nonexistent CVE. We found it because Clair started flagging our alpine containers as having this CVE which we couldn't find in the CVE database.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information